Seems a little 'iffy' and overly convoluted to me.
Why not just synchronize your domain to ONE folder, letting the systems sort according to your AD structure and then, in the system tree create two custom filters
- one for "Managed State = Yes and Virus Scan Enterprise Product Version equals (whatever version you want)"
- one for "Managed State = Yes and EndPoint Security Product Version equals (whatever version you want)"
Myself, as I deploy VSE or ENS via TAGS, I just have two filters, one for each TAG.
1 of 1 people found this helpful
I'd do this as a two-step process:
1) Setup an AD sync task. Import all systems into a flat group in the system tree, which I'll call "AD Sync Group" for now. Do not import systems that already exist in the system tree.
2) Create up ENS and VSE tags (if you don't already have them). Create a job that first clears VSE and ENS tags from all systems, then re-applies the tags based on whether they have ENS or VSE installed. Then run a sort against the AD Sync Group, which moves systems into the VSE or ENS system tree groups, based on tag.
That makes the AD Sync Group more of a temporary working group, and then systems are sorted out of that group and into the correct groups.
Thanks guys, really helpful! Both answers combinded helped me figure out a good way of filtering.